Cybersecurity Lessons to be Learned from the Battle of Britain
Never in the field of human conflict was so much owed by so many to so few.
In July 1940 during the early days of World War II, the future looked very bleak for the United Kingdom. In only 6 weeks, Germany had invaded and defeated France, the British’s main ally since the start of the War, as well as Belgium and the Netherlands. The Germans set their sights next on the defeat of the UK with either a full-scale invasion of the island nation or an aerial bombardment and naval blockade campaign to induce a negotiated peace treaty. The United States and Russia had yet to join the war against Germany in the summer of 1940. On the brink of unprecedented enemy invasion, the United Kingdom stood alone against the seemingly unstoppable German military.
When the Battle of Britain began on July 10, 1940, the German air force, the Luftwaffe, was even closer to the island nation with airfields directly across the English Channel in newly conquered France. The proximity allowed the 2,550 Luftwaffe aircraft that would be used in the Battle of Britain to attack deeper into the British Isles than ever before. Initially, the Luftwaffe’s aerial attacks focused on creating a blockade of the island nation by attacking ships and ports. After 2 weeks of constant attacks on shipping, the Germans focused on defeating the Royal Air Force (RAF) with its force of 1,963 aircraft that would be eventually deployed during the Battle.
The Battle of Britain is known as the first military campaign fought entirely by air forces. Victory and defeat were decided entirely on the outcome of numerous aerial combat fights and bombing attacks over a period of 100 days. Air superiority, and who would possess it, eventually decided the fate of Great Britain.
While Winston Churchill’s famous line about the Few was meant to commemorate the pilots who fought in the Battle of Britain, some of the most important victories occurred in the electromagnetic spectrum. While the Battle of Britain is commonly referred to as the first air war campaign, it was also the first electronic warfare campaign as well. The battle in the electromagnetic spectrum played a decidedly important role in who would ultimately possess superiority in the skies.
Prior to and during World War II, the British led the development and deployment of radar technology. They installed a series of radar stations along the perimeter of the nation known as Chain Home. This provided radar coverage for the entire Europe-facing side of the British Isles. The system was able to detect high-flying targets even as far as away as within France. Additionally, the British had a network of radio listening stations known as Y Service, monitoring the patterns of Luftwaffe radio communications to locate their position. The network’s direction-finding goniometers and wireless receivers allowed the bearing of the signal source to be measured.
Also unbeknownst to the Germans, the British had broken their Enigma encryption. The Germans built electro-mechanical devices known as Enigma machines to encode their communications. The Enigma encrypted messages were typically relayed over radio communication using Morse code. The British could intercept, and were eventually able to decrypt, the messages.
Although the Germans had yet to perfect their own radar technology at this point the War, the Luftwaffe had an electromagnetic tool as well – the Knickebein. The “crooked leg” or “bent beam” consisted of two radio beams transmitted from mainland Europe which would be triangulated over a target in England. A Luftwaffe bombing raid would fly along the path of one radio beam and when the bombers intersected the other beam, they knew they were over the target and dropped their bombs. This allowed the Luftwaffe bombers to attack at night, requiring no visibility of their flight path or the target.
During the Battle, the British attempted countermeasures to detect, block and even manipulate the triangulation of the Knickebein beams, hence the term “bent beam”. The British flew patrol aircraft around their country fitted with special receivers to detect the beams. Detection of a beam also gave the RAF an indication that an attack was imminent and if the intersection could be located, what the target was as well. When the beams were able to be manipulated using local radio transmitters, the British placed the false intersection of the beams over an innocuous area where the Germans would incorrectly drop their bombs. The beam countermeasures efforts were part of the Y Service radio listening stations.
The British collected all the electronic intelligence gathered by the radar, listening stations, listening aircraft as well as visual sighting into what is now known as the Dowding System, later named after the Air Chief Marshal Hugh Dowding, commander of RAF Fighter Command. The system collected all the intelligence relayed to headquarters using a telephone network and correlated it to make rapid and informed decisions in response to the detected threats. Some intelligence collected by Enigma decryption was also correlated here but the information was only provided sparingly so as not to alert the Germans that the codes had been broken. During the Battle of Britain, the RAF defensive missions had a 90% and 100% success rate of encountering the approaching enemy. Prior to the Dowding System, a 30% to 50% success rate was typical of finding and engaging the enemy aircraft during a bombing raid.
The technical and operational capabilities allowed the British to get early warnings of attacks including the targets often, as well as information regarding the opposing forces’ strength. The British often had enough warning of attacks to deploy their scare resources to engage the enemy and often with a strength sufficient to have numerical superiority. The combination of early detection and rapid dissemination of that information through the Dowding System acted as a force multiplier for the smaller RAF. The Germans, who were also researching and developing their own radar technology, did not fully understand the extent or the capabilities of the deployed British system and capabilities. To the Luftwaffe, the British fighter aircraft defending the island nation appeared to be everywhere. Even though the Germans had numerical superiority in air power, the Luftwaffe believed the British had many more planes than they actually possessed because the RAF were able to respond in force to almost every attack. The smaller RAF was in fact only where it needed to be due to its electronic detection capabilities and ability to respond rapidly. The British usually knew when, where and how the Luftwaffe would strike.
On September 15, 1940, the German launched their largest bombing raid of the entire Battle on London necessitating the complete deployment of the RAF’s remaining Hurricane and Spitfire fighter aircraft. The result of the 13 hours of fighting was a decisive British victory by the pilots now known as the Few, immortalized in Winston Churchill’s speech given that day about their sacrifice. The Battle of Britain is considered by historians to have continued until October 31st when the Germans, with devastating loses on both sides, believed that the RAF was still a formidable force decided to change strategies in defeat. Despite the RAF losing nearly 89% of their aircraft to the Luftwaffe’s 77% during the Battle, the Germans believed the British had many more aircraft remaining. The RAF’s ability to deploy its limited resources when and wherever needed due to their technological advantages gave the Germans the false impression their enemy had a much larger air force.
After 100 days, The Battle of Britain was the first major defeat of Germany's military forces in the War. The Germans were unable to defeat the RAF to gain air superiority. As a result, the planned invasion of Britain was postponed and later canceled completely with many of the resources redeployed for the invasion of the Soviet Union the following year. The German strategy for the British Isles was reduced to a strategic and terror bombing campaign known as the Blitz which introduced the V1 flying bombs and V2 rockets. Victory by the Luftwaffe in the Battle of Britain would have allowed the Germans to either invade or force a negotiated peace – greatly changing the outcome of the War. Without the victory in the electromagnetic spectrum, the outcome of the Battle and thus the entire World War would have been very different.
Eighty years later there are lessons to be learned from the Battle of Britain for organizations defending against modern cybersecurity attacks. The integration of people, process and technology is vital to victory rather than just purely a technological deployment. In the cyberwarfare battles of today, the defenders do not know when, where or how the attackers will strike. Limited defensive resources must be deployed for seemingly ever-growing number of attack vectors such as the perimeter, endpoints, applications, email, databases, and the cloud. To succeed in battle, the defender must know where the attackers are quickly but also what the targets are so any resource disadvantages can be overcome by deploying defensive resources around the critical targets. Modern cybersecurity defenses need multiple layers of detection and defenses to defeat the advanced attacker. A layered defense with deception will frustrate the enemy, potentially causing the attacker to retreat and redeploy their resources elsewhere. Correlation of events is needed from the network and cybersecurity tools to filter out the signal noise and visualize the attacks. The same strategies of an integrated defense are needed to defeat the adversaries of today as they were in 1940.
Summary of Lessons
- An attacker that cannot be seen, cannot be defeated
- Detect the enemy as early as possible in the attack
- Define and focus limited resources around critical targets
- Frustrate the enemy with a layered defense and give the impression of an even stronger one
- Implement decoys and deception technology to defuse attacks
- See inside encrypted traffic to identify the enemy
- Correlate information from all sources to visualize, make informed decisions and respond to attacks rapidly
- Maintain a technological advantage but also continually improve and integrate processes and people
Recognizing the contributions of the technology and the Dowding System to the victory in the Battle of Britain, Winston Churchill made a statement not as nearly as famous as his one about the debt owed to the Few but it is poignant for the modern cyber war as well. “All the ascendancy of the Hurricanes and Spitfires would have been fruitless but for this system which had been devised and built before the war. It had been shaped and refined in constant action, and all was now fused together into a most elaborate instrument of war, the like of which existed nowhere in the world.”
Does your organization need assistance implementing the cybersecurity lessons of the Battle of Britain? Contact me at firstname.lastname@example.org to learn how Castle Ventures can help your organization win the battle and the war.